dqqy64515 2017-10-22 11:17
浏览 99
已采纳

php password_hash和password_verify失败

Basic question but I keep failing. Have checked out similar topics but didn't get closer to the solution, so please don't redirect me just point out what I'm missing. Thank you.

<?php 

$hashed_password = "";
$con = mysqli_connect("localhost", "root", "", "testTable");

if (isset($_POST["reg_button"])){

$password = ($_POST["reg_password"]);

$hashed_password = password_hash($password, PASSWORD_DEFAULT);

$query = mysqli_query($con, "INSERT INTO user VALUES('', '$hashed_password')");

}
?>

<!DOCTYPE html>
<html>
<head>
    <title>register</title>
</head>
<body>
    <form action="register.php" method="POST">
        <input type="password" name="reg_password" placeholder="Password">
        <br><br>
        <input type="submit" name="reg_button" value="Register">
    </form>
    <br>
    <form action="login.php" method="POST">
        <input type="password" name="login_password" placeholder="Password">
        <br><br>
        <input type="submit" name="login_button" value="Login">
    </form>
</body>
</html>

This is the registering part and it is working flawlessly. The provided password is getting hased and stored in the DB.

<?php

include "register.php";

$con = mysqli_connect("localhost", "root", "", "testTable");

if(isset($_POST["login_button"])){

    $password = password_verify($_POST["login_password"], $hashed_password);

    $checkDB = mysqli_query($con, "SELECT * FROM user WHERE password = '$password'");

    $checkLogin = mysqli_num_rows($checkDB);

    if($checkLogin == 1){
        $row = mysqli_fetch_array($checkDB);

        echo "Welcome";
    }

    else {
        echo "Password incorrect";
    }
}
?>

This is the login part and it always fails. I suspect the following snippet to be the culprit:

$password = password_verify($_POST["login_password"], $hashed_password);

but have no idea how to fix it.

Any help would be great. Thank you!

UPDATED CODE:

register.php:

<?php 

$hashed_password = "";
$name = "";
$con = mysqli_connect("localhost", "root", "", "testTable");

if (isset($_POST["reg_button"])){

    $password = ($_POST["reg_password"]);
    $name = ($_POST["reg_name"]);

    $hashed_password = password_hash($password, PASSWORD_DEFAULT);

    $query = mysqli_query($con, "INSERT INTO user VALUES('', '$name','$hashed_password')");

}
?>

<!DOCTYPE html>
<html>
<head>
    <title>register</title>
</head>
<body>
    <form action="register.php" method="POST">
        <input type="text" name="reg_name" placeholder="Name">
        <br><br>
        <input type="password" name="reg_password" placeholder="Password">
        <br><br>
        <input type="submit" name="reg_button" value="Register">
    </form>
    <br>
    <form action="login.php" method="POST">
        <input type="text" name="login_name" placeholder="Name">
        <br><br>
        <input type="password" name="login_password" placeholder="Password">
        <br><br>
        <input type="submit" name="login_button" value="Login">
    </form>
</body>
</html>

login.php:

<?php

include "register.php";

$con = mysqli_connect("localhost", "root", "", "testTable");

if(isset($_POST["login_button"])){

    $name = $_POST['login_name'];
    $password = $_POST['login_password'];

    $checkDB = mysqli_query($con, "SELECT * FROM user WHERE name = '$name'");

    $passwordField = null;

    while($getRow = mysqli_num_rows($checkDB)){
        $passwordField = $getRow['password']; // Get hashed password
    }

    if(password_verify($password, $passwordField)){
        echo('Correct');
    }else{
        echo('Wrong');
    }
}
?>
  • 写回答

2条回答 默认 最新

  • dtk31564 2017-10-22 11:45
    关注

    You can do this via while loop and mysqli_fetch_array(). That must solve your problem.: [UPDATED]

    <?php

$con = mysqli_connect("localhost", "root", "", "testtable");

if(isset($_POST["login_button"])){

    // $password = password_verify($_POST["login_password"], $hashed_password);
    $password = $_POST['password'];
    $checkDB = mysqli_query($con, "SELECT * FROM user");

    while($getRow = mysqli_fetch_array($checkDB)){
        $passwordRow = $getRow['password'];
    }

    if(password_verify($password, $passwordRow) === TRUE){
        echo('Welcome');
    }else{
    echo('Wrong credentials');
    }
}
?>
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 运筹学排序问题中的在线排序
  • ¥15 关于docker部署flink集成hadoop的yarn,请教个问题 flink启动yarn-session.sh连不上hadoop,这个整了好几天一直不行,求帮忙看一下怎么解决
  • ¥30 求一段fortran代码用IVF编译运行的结果
  • ¥15 深度学习根据CNN网络模型,搭建BP模型并训练MNIST数据集
  • ¥15 lammps拉伸应力应变曲线分析
  • ¥15 C++ 头文件/宏冲突问题解决
  • ¥15 用comsol模拟大气湍流通过底部加热(温度不同)的腔体
  • ¥50 安卓adb backup备份子用户应用数据失败
  • ¥20 有人能用聚类分析帮我分析一下文本内容嘛
  • ¥15 请问Lammps做复合材料拉伸模拟,应力应变曲线问题